Recent Posts

Recent Blog Posts

The PhishLabs Blog

Rock moves to email attachments

Posted by John LaCour on Nov 17, '09

For over a year, the Rock Phish Gang was using the Avalanche botnet to host their various phishing scams and malware distribution sites. Fortunately, the botnet was shutdown last week - how long remains to be seen. Unfortunately, the Rock Phish Gang have not gone away.

These criminals continue to distribute their ZeuS trojans and steal funds from banking accounts. They have resorted to the old tactic of attaching the malware file directly to the email.

Recent scam emails have targeted Verizon Wireless and Vodafone with emails claiming that “Your credit balance is over its limit”. Today’s scam announces that “your mailbox has been deactivated” (despite sending you a message to your mailbox!).


In all three cases, the emails contain a .zip file which contains a ZeuS banking trojan. Currently, this trojan is detected by 22 of 41 antivirus products according to VirusTotal. The malware also “phones home” to the same servers previously seen in Rock phish zeus malware. Details in this ThreatExpert report.

Topics: Phishing, Malware, Rock Phish, Trojan, ZeuS

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.

Recent Posts

Subscribe to Email Updates

Posts by Topic

see all